Microsoft has offered a temporary “Fix It” workaround for a bug in Internet Explorer 6, 7 and 8 that is being exploited on some websites.
The vulnerability lies in the way the browser handles cascading style sheets (CSS) and is triggered by recursive CSS pages, where a style sheet includes its own address. Microsoft confirmed the flaw in December and has now updated its advisory to include a workaround, following reports of attacks that target the vulnerability.
The workaround comes in the form of a “Fix It” solution from Microsoft. To be effective, the browser needs to have all the existing security updates installed. The fix forces Internet Explorer to refuse to import a CSS style sheet if it has the same URL as the CSS style sheet from which it is being loaded.
Using the Fix It solution will cause a slight performance hit, adding about 150 milliseconds to the browser’s start-up time, so it should be removed after Microsoft releases a proper security update for the flaw.
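The same-URL rule described above can also be checked from outside the browser, for example when auditing the style sheets a site serves. The following is an added example, not Microsoft's code and not part of the original article; the function names and the sample sheet are assumptions, and the regex is a textual approximation of `@import` parsing rather than a full CSS parser.

```python
import re
from urllib.parse import urldefrag, urljoin, urlsplit, urlunsplit

# Matches @import url("x"), @import url(x), @import "x" and @import 'x'.
IMPORT_RE = re.compile(
    r"""@import\s*(?:url\(\s*)?(?:"([^"]*)"|'([^']*)'|([^\s"');]+))""",
    re.IGNORECASE,
)
COMMENT_RE = re.compile(r"/\*.*?\*/", re.DOTALL)

# Constructed sample: a sheet served from SHEET_URL that imports itself twice.
SHEET_URL = "http://example.test/css/site.css"
SAMPLE_CSS = """
/* @import "site.css"; commented out, must be ignored */
@import url("reset.css");
@import url(../css/site.css#x);
@import 'HTTP://EXAMPLE.TEST/css/site.css';
body { color: black; }
"""


def normalize(url):
    """Drop the fragment and lowercase scheme and host so equal URLs compare equal."""
    parts = urlsplit(urldefrag(url)[0])
    return urlunsplit((parts.scheme.lower(), parts.netloc.lower(),
                       parts.path or "/", parts.query, ""))


def import_targets(css_text, sheet_url):
    """Return the absolute, normalized URL of every @import in the sheet."""
    css_text = COMMENT_RE.sub("", css_text)
    targets = []
    for m in IMPORT_RE.finditer(css_text):
        ref = next(g for g in m.groups() if g is not None).strip()
        # Relative references (and the empty string) resolve against the sheet.
        targets.append(normalize(urljoin(sheet_url, ref)))
    return targets


def self_imports(css_text, sheet_url):
    """Return the @import targets that point back at the sheet itself."""
    own = normalize(sheet_url)
    return [t for t in import_targets(css_text, sheet_url) if t == own]


if __name__ == "__main__":
    for target in self_imports(SAMPLE_CSS, SHEET_URL):
        print("self-import:", target)
```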
Result for: security updates
Oracle has issued Java and OpenOffice patches today, patching 29 vulnerabilities that would allow attackers to take control of exploited computers.
28 of the vulnerabilities “could be remotely exploitable without authentication (over a network without the need for a username and password),” says Oracle, via ZD.
The patches are available for users running Windows, Linux and Solaris. Mac users are also vulnerable, but security updates are not expected for another month.
Alarmingly, 15 of the vulnerabilities were given a 10.0 Common Vulnerability Scoring System (CVSS-SIG) severity rating. The scale goes from 1 to 10.
Given the severity, Oracle says you should update your system “as soon as possible.”
Check your system for updates here: http://java.com/en/download/installed.jsp
Result for: security updates
Microsoft has reminded users today that support for Windows 2000 and Windows XP SP2 will end on July 13th, 2010, giving users enough time to upgrade.
After July 13th, there will no longer be any security updates or assisted support, and users will be completely on their own. Additionally, Windows 2003 Server will move from “Mainstream Support” to “Extended Support” and will become unsupported in 2015.
Windows 2000 is currently at SP4, and all of its other service packs have been retired over the past decade. Windows 2000 users are encouraged to upgrade, even if only to XP SP3. XP Service Pack 2 users are encouraged to update to SP3 (which is free), Vista or 7.







